product-hunt-launch
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides an installation command for the inference.sh CLI using
curl -fsSL https://cli.inference.sh | sh. This pattern executes a remote script directly in the shell. As this originates from the vendor's own infrastructure (inference.sh), it is documented as a functional requirement for the skill. - [EXTERNAL_DOWNLOADS]: The skill references
dist.inference.shfor downloading binaries and checksum verification. These are vendor-controlled resources used for tool setup. - [COMMAND_EXECUTION]: The skill is configured with permissions for
Bash(infsh *), allowing the agent to execute any command through the inference.sh CLI tool. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through the use of external search tools.
- Ingestion points: Untrusted data from the web enters the agent context via
tavily/search-assistantandexa/searchtools (SKILL.md). - Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the search results.
- Capability inventory: The agent has the ability to execute shell commands via the
infshCLI. - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external search queries.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata